If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

MAC address detection

I am running a torrent tracker and would like to make my users accounts safer...so i would like to make an account acessible from only 1 pc and i'd like to make this using the MAC address or CPU-ID...could it be done using PHP or any other language that could be implemented in a website? If so which is the language and how could i do this?

Scince your dealing with a web site for authintication - no - MAC address isnt one of the SERVER VARIABLES available to you. Maybe make the MAC address a part of the login. Show them how to obtain the MAC and use it to authinticate. But if they write it down and take it to another pc this idea wont work. (hoping no one can remember a MAC address)..

the thing is that the user isn't supposed to enter the mac....i have to get the mac in order to check it when somebody starts their torrent client so i can compare it to the one in the database....so i have to do this automatically....would an activex component solve my problem? if yes...how do i build it...maybe a few outlines or smth to start from....

You're not going to get the MAC address of the remote machine from the packets themselves. The packets will show the MAC address of the last router the packet passed through.

You could do it with some script or something I'm sure... But I have never used torrents so I don't know how they work.

Don\'t SYN us.... We\'ll SYN you..... \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

here is an idea - durring account creation - take the unix time of the new account - store it and a MD5 version of the unix time into the regiser database. create a cookie on the client with the MD5 key. Now - there is now way that the hacker can hack this because he dont know the exact unix time of creation.

upon future logins - query the MD5 from the cookie and unix time from database and see if match - if not - hacking has happened. Ill have to think on this one more....sounds fool proof.

In the case of cookies being cleared, there could be a 2nd factor authentication process on the web server, say, having a button saying "Request new cookie", then asking for your first pet's and mother's maiden name.